What Is Claimed Is: 



1. A method to facilitate locking an adversary out of a network
application, comprising: 

receiving at a server a request, including an authentication credential, to 
access the network application, wherein the authentication credential includes a 
user identifier associated with a user and a network address of a user device; 

examining an audit log to determine if the user identifier has been locked 
out from the network address; and 

if the user identifier has been locked out from the network address, 

denying access to the network application; 
otherwise, checking the authentication credential for validity, and 
if the authentication credential is valid, 

allowing access to the network application, 

otherwise, 

logging a failed attempt in the audit log, wherein the 
user identifier is locked out from the network address after 
a threshold number of failed attempts, and 

denying access to the network application; 
whereby the adversary is prevented from accomplishing an attack by 
masquerading as the user. 

2. The method of claim 1, further comprising imposing a global 
lockout for the user identifier after a threshold number of network addresses are 
locked out for the user identifier. 

3. The method of claim 2, further comprising removing a lockout
after a predetermined period of time. 

4. The method of claim 2, further comprising manually removing a 
lockout by an administrator of the server. 
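
The flow recited in claims 1 to 4, as an added Python example that is not part of the patent text: lockout is keyed on the (user identifier, network address) pair, so a locked-out address does not block the same user from another address until the global threshold is reached. The class name, parameter names, in-memory tables, and the reset of the failure count on success are assumptions.

```python
import time
from collections import defaultdict

class LockoutGuard:
    """Lockout keyed on (user, address), with global lockout and timed expiry."""

    def __init__(self, verify, max_failures=3, max_locked_addrs=2,
                 lock_seconds=900, clock=time.time):
        self.verify = verify              # assumed: callable(user, password) -> bool
        self.max_failures = max_failures  # failed attempts before an address is locked
        self.max_locked_addrs = max_locked_addrs  # locked addresses before global lock
        self.lock_seconds = lock_seconds
        self.clock = clock                # injectable so expiry can be tested
        self.failures = defaultdict(int)  # audit log: (user, addr) -> failure count
        self.addr_locks = {}              # (user, addr) -> expiry timestamp
        self.global_locks = {}            # user -> expiry timestamp

    def _active(self, table, key):
        expiry = table.get(key)
        if expiry is not None and self.clock() >= expiry:
            del table[key]                # claim 3: lockout lapses after the period
            expiry = None
        return expiry is not None

    def locked(self, user, addr):
        return (self._active(self.global_locks, user)
                or self._active(self.addr_locks, (user, addr)))

    def attempt(self, user, password, addr):
        if self.locked(user, addr):       # claim 1: deny before checking the credential
            return False
        if self.verify(user, password):
            self.failures.pop((user, addr), None)  # assumption: success resets the count
            return True
        self.failures[(user, addr)] += 1
        if self.failures[(user, addr)] >= self.max_failures:
            del self.failures[(user, addr)]
            expiry = self.clock() + self.lock_seconds
            self.addr_locks[(user, addr)] = expiry
            locked = [k for k in list(self.addr_locks)
                      if k[0] == user and self._active(self.addr_locks, k)]
            if len(locked) >= self.max_locked_addrs:   # claim 2: global lockout
                self.global_locks[user] = expiry
        return False

    def admin_unlock(self, user):         # claim 4: manual removal by an administrator
        self.global_locks.pop(user, None)
        for key in [k for k in self.addr_locks if k[0] == user]:
            del self.addr_locks[key]
```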

5. The method of claim 1, wherein the authentication credential
includes a user name and a password. 

6. The method of claim 5, wherein checking the authentication 
credential for validity involves: 

verifying that an administrator has authorized access to the network 
application for a combination of the user name and the password; and 
determining if the request violates an access rule in a rule table. 

7. The method of claim 6, wherein the access rule can specify: 
an allowed time-of-day; 

an allowed number of access attempts; 
an allowed network address; and 
an allowed network domain. 

8. The method of claim 1, wherein the network address includes an
Internet Protocol address. 

9. A computer-readable storage medium storing instructions that 
when executed by a computer cause the computer to perform a method to 
facilitate locking an adversary out of a network application, comprising: 

receiving at a server a request, including an authentication credential, to
access the network application, wherein the authentication credential includes a 
user identifier associated with a user and a network address of a user device; 

examining an audit log to determine if the user identifier has been locked 
out from the network address; and 

if the user identifier has been locked out from the network address, 

denying access to the network application; 
otherwise, checking the authentication credential for validity, and 
if the authentication credential is valid, 

allowing access to the network application, 

otherwise, 

logging a failed attempt in the audit log, wherein the 
user identifier is locked out from the network address after 
a threshold number of failed attempts, and 

denying access to the network application; 
whereby the adversary is prevented from accomplishing an attack by 
masquerading as the user. 

10. The computer-readable storage medium of claim 9, the method 
further comprising imposing a global lockout for the user identifier after a 
threshold number of network addresses are locked out for the user identifier. 

11. The computer-readable storage medium of claim 10, the method
further comprising removing a lockout after a predetermined period of time. 

12. The computer-readable storage medium of claim 10, the method 
further comprising manually removing a lockout by an administrator of the server. 

13. The computer-readable storage medium of claim 9, wherein the
authentication credential includes a user name and a password. 

14. The computer-readable storage medium of claim 13, wherein 
checking the authentication credential for validity involves: 

verifying that an administrator has authorized access to the network 
application for a combination of the user name and the password; and 
determining if the request violates an access rule in a rule table. 

15. The computer-readable storage medium of claim 14, wherein the
access rule can specify: 

an allowed time-of-day; 
an allowed number of access attempts; 
an allowed network address; and 
an allowed network domain. 

16. The computer-readable storage medium of claim 9, wherein the 
network address includes an Internet Protocol address. 

17. An apparatus to facilitate locking an adversary out of a network 
application, comprising: 

a receiving mechanism that is configured to receive at a server a request, 
including an authentication credential, to access the network application, wherein 
the authentication credential includes a user identifier associated with a user and a 
network address of a user device; 

an examining mechanism that is configured to examine an audit log to
determine if the user identifier has been locked out from the network address; and

an access mechanism that is configured to deny access to the user
identifier if the user identifier has been locked out from the network address;

a validation mechanism that is configured to check the authentication
credential for validity, wherein the access mechanism is further configured to
allow access if the authentication credential is valid; and

a logging mechanism that is configured to log a failed attempt in the audit
log, wherein the user identifier is locked out from the network address after a
threshold number of failed attempts, and wherein the access mechanism is further
configured to deny access to the user identifier after a failed access attempt;

whereby the adversary is prevented from accomplishing an attack by
masquerading as the user.

18. The apparatus of claim 17, further comprising a lockout
mechanism that is configured to impose a global lockout for the user identifier
after a threshold number of network addresses are locked out for the user
identifier.

19. The apparatus of claim 18, further comprising a lockout removing
mechanism that is configured to remove a lockout after a predetermined period of
time.

20. The apparatus of claim 18, further comprising a lockout removing
mechanism that is configured to allow an administrator of the server to manually
remove a lockout.

21. The apparatus of claim 17, wherein the authentication credential
includes a user name and a password. 



22. The apparatus of claim 21, further comprising:

a verification mechanism that is configured to verify that an administrator 
has authorized access to the network application for a combination of the user 
name and the password; and 

a violation determining mechanism that is configured to determine if the 
request violates an access rule in a rule table. 

23. The apparatus of claim 22, wherein the access rule can specify: 
an allowed time-of-day; 

an allowed number of access attempts; 
an allowed network address; and 
an allowed network domain. 

24. The apparatus of claim 17, wherein the network address includes 
an Internet Protocol address. 